AE Session : Yet Another Session Library
#1

Aea
It feels a little bit awkward releasing yet another session library, especially after another one was posted within the week. This code originates from some Native Session Library modifications I made a few weeks ago, but hadn't thought to release until now. Unlike (some of the) other session libraries, this code is:

- Extremely Lightweight
- Relies on Native $_SESSION variables
- Relies on PHP5 Functions

Offers:
- Protection against Session Fixation
- Efficient Handling of Flash Session Data

AE Session is only compatible with PHP5; however, you can drop in Native Session's regeneration function and it should work. I work only with PHP5, thus there was no need to use the roundabout PHP4 style session regeneration. This library doesn't do everything, in fact it does very few things (see KNDB Session if you need a powerful Session Library), but it does them very well.

Without further ado:

Code:
<?php  if (!defined('BASEPATH')) exit('No direct script access allowed');

/**
* Session class using native PHP session features and hardened against session fixation.
* Includes handling for Flash Session Data & optimized for PHP5 (session_regenerate_id(TRUE) is not PHP4 Compatible)
*
* @package     CodeIgniter
* @subpackage  Libraries
* @category    Sessions
* @author      Artur Ergashev, Originally Forked from the code of Dariusz Debowczyk's 'Native Session'
*/

class CI_Session {

    // PHP5 constructor (class-named constructors are no longer called as of PHP 8)
    function __construct()
    {
        $this->object =& get_instance();
        log_message('debug', 'AE_Session Class Initialized');
        $this->_sess_run();
    }

    function destroy()
    {
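        // Empty the array instead of unset($_SESSION), which would stop
        // $_SESSION from being registered for the rest of the request.
        $_SESSION = array();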
        if ( isset( $_COOKIE[session_name()] ) )
        {
            setcookie(session_name(), '', $_SERVER['REQUEST_TIME']-42000, '/');
        }
        session_destroy();
    }

    function _sess_run()
    {
        session_start();

        if ($this->_session_id_expired())
        {
            session_regenerate_id(TRUE);
            $_SESSION['regenerated'] = $_SERVER['REQUEST_TIME'];
        }
        
        $this->_flash_countdown();
    }
    
    function _flash_countdown()
    {
        $session_keys = array_keys($_SESSION);
        
        foreach ($session_keys as $key)
        {
            $search = $key.':flash';
            if (isset($_SESSION[$search]))
            {
                if ($_SESSION[$search] <= 0)
                {
                    unset($_SESSION[$key], $_SESSION[$search]);
                }
                else
                {
                    --$_SESSION[$search];
                }
            }
        }
    }
    
    function _session_id_expired()
    {
        if (!isset($_SESSION['regenerated']))
        {
            $_SESSION['regenerated'] = $_SERVER['REQUEST_TIME'];
            return false;
        }

        $expiry_time = $_SERVER['REQUEST_TIME'] - $this->object->config->item('sess_expiration');

        if ($_SESSION['regenerated'] <=  $expiry_time)
        {
            return true;
        }

        return false;
    }
}
?>

Installation and Usage
Drop the code named as Session.php into applications/libraries
Edit your config.php...
Code:
$config['sess_expiration']        = 300;

Five minutes seems like a good regeneration interval; you may adjust this based on your requirements. All other session variables are unused, and you may comment them out.

Setting and retrieving session data is done using $_SESSION['key']. You can at any time convert data to flash data and back; here's how this works...

Code:
$_SESSION['my_data'] = 'some value';   // any value you want to store
$_SESSION['my_data:flash'] = 2;        // # = number of pages (2 is only an example)

# corresponds to how many pages you want this data to persist. If you want to remove the flash data limit, simply unset the my_data:flash key, and it'll return to being persistent session data.

Enjoy, and feel free to improve on my implementation.
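
As a complement to the timed regeneration in the post, this added example (not part of the original post or of AE Session) regenerates the session ID at login and turns on PHP's strict-mode and cookie-only session options. The function names and the `user_id` key are hypothetical, and the ini settings must be applied before the library calls session_start().

```php
<?php
// Added example, not AE Session code. Function names are hypothetical.

// Start the session with fixation-resistant settings. Call before any output.
function ae_start_hardened_session()
{
    // Refuse session IDs the server did not issue (PHP >= 5.5.2).
    ini_set('session.use_strict_mode', '1');
    // Accept the session ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Keep the session cookie out of reach of page scripts.
    ini_set('session.cookie_httponly', '1');
    // Mark the cookie HTTPS-only when the request itself arrived over HTTPS.
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
        ini_set('session.cookie_secure', '1');
    }
    session_start();
}

// Call once credentials have been verified: issue a new ID and delete the
// old session file, so an ID planted before login stops working immediately
// instead of at the next sess_expiration interval.
function ae_on_login($user_id)
{
    session_regenerate_id(TRUE);
    $_SESSION['regenerated'] = time();   // restart AE Session's interval timer
    $_SESSION['user_id'] = $user_id;     // hypothetical key name
}

// Constructed demonstration, runnable from the PHP command line.
ae_start_hardened_session();
$before = session_id();
ae_on_login(42);                         // constructed user id
$after = session_id();
echo ($before !== $after)
    ? "session ID changed at login\n"
    : "session ID unchanged\n";
```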


Messages In This Thread
AE Session : Yet Another Session Library - by El Forum - 03-30-2008, 02:22 PM
AE Session : Yet Another Session Library - by El Forum - 03-30-2008, 03:16 PM